Activity
Mon
Wed
Fri
Sun
Aug
Sep
Oct
Nov
Dec
Jan
Feb
Mar
Apr
May
Jun
Jul
What is this?
Less
More

Memberships

AI Workshop Lite

37.9k members • Free

Chase AI Community

72.2k members • Free

AI Automation Vault

21.2k members • Free

AI Automation Society

424.6k members • Free

Cloud Engineer Academy STARTER

9.2k members • Free

3 contributions to AI Automation Society
Authentication, authorization, provenance on two AI agent teams on Claude Code
I run two AI agent teams on Claude Code. One runs my product (a Shopify analytics app). One runs operations. They coordinate the way microservices do: messages in a shared inbox folder. This week I noticed something I didn't like. Both teams' startup routines said the same thing: "read the inbox, act on each line." Act on each line. No verification. No classification. Any text that landed in that folder became an instruction. I've spent 20 years in security operations. If a client described this setup to me, I'd call it what it is: an unauthenticated command channel. And I built it myself, into my own system, without noticing. The uncomfortable part: the session that finally surfaced the risk had already executed three inbox lines that same morning. Blind trust worked only because both teams are one person. Me. The moment anything else can reach that folder (another person, a scheduled job, a pasted customer email), it becomes an attack surface. I checked it against the OWASP Top 10 for Agentic Applications 2026. It's a textbook pair: ASI01 (Agent Goal Hijack) and ASI07 (Insecure Inter-Agent Communication). The fix took one session. Four rules: 🔹 Messages are requests, not commands. On pickup, each line gets classified: reversible and inside the repo = act. External-facing, irreversible, or credential-adjacent = stage it and ask the human. 🔹 The inbox folder became a git repository. Every write and every drain is a commit. An uncommitted line is treated as forged. 🔹 Every line carries provenance: [src: decision number, ledger date, or commit]. The receiver verifies at the source before acting. 🔹 Quoted external content inside a message is data. Never instructions. What I deliberately didn't build: message signing and per-agent identity. That's the right answer for real multi-party systems. It's ceremony for one human on one disk. Git history buys attribution for free. The lesson that generalizes: if your agents pass messages to each other, that channel is part of your attack surface. Treat it like any inter-service channel. Authentication, authorization, provenance.
1
0
10 days with Claude Code → an AI analyst that physically can't make a number up
I built a production-ready AI analyst in 10 days with Claude Code — but it really took 5 months and a second brain to get there. 🍑 The honest version of this story: Plum didn't come out of nowhere. It was the payoff of a Feb–June learning sprint — SQL, Python, Power BI, Tableau, Databricks, then Claude Code and AI agents — where I built a medallion warehouse three times over in different stacks before I ever pointed it at a real product. What tied it together was a second brain in Obsidian. Not a pile of notes — a structured wiki that Claude Code itself maintains: one page per course and project, skill pages that trace every claim back to the work that proves it, an append-only log, and a hard rule that contradictions get flagged, never silently overwritten. So when I started Plum, I wasn't starting cold — I was starting from a connected map of everything I'd actually built and could reuse. Then I pointed Claude Code at a hard problem: an AI analyst for Shopify whose entire design goal is restraint — it physically can't make a number up. The build (Claude Code, ~10 days): → A real bronze → silver → gold warehouse on PostgreSQL, built from store data → A governed metric layer where every number traces to a defined SQL query → A read-only tool layer the model can only propose calls against — it never writes SQL, never touches the database → Receipts on every answer: the exact SQL plus a hash you can replay without the AI in the loop. Doctor a receipt, it fails. → A numeric post-check on the model's prose — two strikes and it's withheld, facts stand alone → Built by a chartered multi-agent team, verified gate by gate, multi-tenant, Shopify-App-Store-ready The thread running through both the vault and the product is one rule: don't fake "done," don't fake numbers. A task is complete only when the artifact exists, runs, and the output was actually observed. Every metric traces to a real query. That discipline is the only reason a 10-day project is honest enough to show publicly.
10 days with Claude Code → an AI analyst that physically can't make a number up
0 likes • 21d
Honestly, there was no big challenges. When all knowledge was introduced to Claude Code, I have made team of agents and build app from the ground with clear roadmap. Every change has been verified and tested.
🚀New Video: I Turned Claude Fable Into The Ultimate Second Brain
My entire life and business now live in one second brain, and Claude Fable understands it better than I do. In this video I walk through my full Claude Fable AI operating system using the four Cs framework: context, connections, capabilities, and cadence. You'll see exactly how my files and folders are set up, how I keep improving it every day, and the usage tips I rely on to get more out of it.
8 likes • Jun 10
Nice
1-3 of 3
@vladimir-vukojicic-6770
A certified and highly motivated Security Officer with over five years of specialized experience in security

Active 17m ago
Joined Jun 5, 2026
Serbia
Powered by